Developing Windows Phone 7 Applications for SharePoint 2010

The Windows Phone 7 platform contains great out of the box integration with SharePoint under the Office Hub. But what if you want to create your own custom applications on the phone that leverage SharePoint 2010 data and services? In this blog post I will take you through the process of creating your first custom Silverlight application on the phone that consumes SharePoint data.

The Office Hub

The Office hub provides great access to your SharePoint documents. The Office hub also provides a great OneNote experience allowing you to take written and voice notes. These documents and notes are synchronized with the SharePoint server. PC World has a good article on some of the features.

An application that many users have never seen--Microsoft's SharePoint--plays a key role in Windows Phone 7 Series' Office Hub, the center of business activities in the new smartphone operating system.

The Office hub is not extensible nor can you interact with the hub from another application. The only option is to create a custom Silverlight application. Let's take a look at how to do this.

Custom SharePoint Applications

While the Office hub is interesting and has a lot of capabilities out of the box. As a developer I just want to be able to create my own applications that can leverage the full power of the SharePoint platform. In this sample application I will call the SharePoint Lists.asmx Web Service to retrieve Tasks from the Tasks List. The Tasks are data bound to a ListBox (in green below). There is also a data bound details Grid (in red below) that will show the Task details of the selected item.

Forms Based Authentication (FBA)

One of the first hurdles when developing a SharePoint app is the fact that Windows Phone 7 does not support Windows Authentication (NTLM). This means that you will need to enable FBA on your SharePoint site. In the sample that I created I used a LDAP claims provider. This enabled me to use the same users that I already had in my Active Directory store. I also enabled dual mode so that I could log into the SharePoint site using either Windows Authentication (NTLM) or Forms Based Authentication (FBA). I also enabled anonymous access as well. This allowed me to choose which login method I wanted to use. Without enabling anonymous access the browser would have automatically logged me in with my current NTLM credentials. The bottom line is that you need to enable FBA on your SharePoint sites that you will access from the Phone.

On the left side of the above diagram is the “Classic” authentication path. The only option is NTML. If you want to enable FBA then you must choose to create the SharePoint Web Application using “Claims” mode. Once you enable claims mode then you can choose from a number or claim providers.

Getting the Security Token

The process for logging into SharePoint is outlined in the following diagram (and simplified). First the app/user tries to access a secure resource/service. They are redirected to a login page. The login page redirects to the authentication.asmx service. The authentication service returns a security token (FEDAUTH). For every subsequent call the security token is passed to the server. The sever verifies the token and returns the requested resource/service.

So all you need to do is get the security token and pass it along. It sounds simple enough. The problem is that the FEDAUTH security cookie is marked with a “HTTPOnly” flag, this means that you cannot access this cookie from code. All of the APIs in the stack honor this flag so you can’t get to the FEDAUTH token. Fortunately .NET includes a CookieContainer class that holds the collection of cookies sent and retrieved from a web request. Here is the “Trick” to make everything work. If you look into this CookieContainer class in the debugger you will not see the FEDAUTH cookie or any other HTTPOnly, but they are there. All you need to do is simply pass the CookieContainer along from call to call.

Once you have the security token, or at least the CookieContainer that the token is in, you can create your SharePoint application using Web Services or WCF Data Services just as you would with any other SharePoint application. Unfortunately, the Silverlight Client Object Model is not supported on the Phone.

Calling the Authentication.asmx Service

The Authentication.asmx service takes a username and password and returns a FEDAUTH security token as a HTTPOnly cookie. the problem is that you cannot add the service using the Add Service Reference in Visual Studio. The proxy that is generated is not compatible. I would image that you could edit the proxy code to fix the compatibility issues, but I choose to take a different approach. Instead of using Visual Studio to generate a proxy I use the HTTPWebRequest class to make raw calls to the service. Here is the code to call the Authentication.asmx service and fill the CookieContainer with the FEDAUTH security token.

1. First create an event to fire when the authentication is complete. and then create a CookieContainer to hold the security token. I highlighted the key lines.

2. Here is the core code to call the authentication service. You should just copy this code block into your app. The code is in the order that it flows, so first create the request, then fill the body with the SOAP message, then handle the results and fire the OnAuthenticated event. I highlighted the key lines.

Calling the SharePoint List Service

Once you have the CookieContainer with the FEDAUTH security token you can simply just pass it along and make service calls to SharePoint as you would in any SharePoint app. In this case I used the Add Service Reference tools in Visual Studio to add a reference to the Lists.asmx Web Service.

1. Get the Tasks once the authentication is complete. I highlighted the key lines.

Download the Sample Application

Next Steps

There is much more to do around developing SharePoint Phone applications. I have some more samples and examples that I will post and blog about in the future. I have also recorded this session last week at the SharePoint Connections Conference in the Hague. So this will be posted as soon as it is ready. I am also working on an MSDN Magazine article that will be be out soon.

You do not need to create your own services. Which Service reference are you having trouble with? In this sample I hardcoded the authentication service in the code. You need to change this to point to your server. If you have done this, what is the error your are receiving. For exampl here is path to my server.

The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<HTML dir="ltr">

1) Source Code: I downloaded the source, changed the relevant bits (username/password and url of sharepoint site), but when I run it I get an unhandled ArgumentNullException when calling GetTasks(), though it authenticates alright. Am I missing something? I put a sample task in the task list, so don't think it's that.

2) I'm trying to use the same approach within a Silverlight 4 application, so have been translating your steps. So far I've managed to solve a few issues by using the client HTTP stack (instead of the browser) and by adding enableHttpCookieContainer="true" to the client config file. Now I can call Authenticate() and the OnAuthenticated event is raised, but when I call GetTasks() I get an authentication error. Any thoughts on what could be causing this?

I have a 2010 server running in Claims mode with ADFS profiding the logon page. I can logon with Windows Phone 7 IE page but not with the Office Hub "Connecting" page. The username and password fields don't allow me to enter anything…

Hi Paul…. I have downloaded the source, and made relevent changes (username/password and url of sharepoint site), but when I run it I get an unhandled ArgumentNullException when calling authentication code at the response line.Please Help,